GB2472814A - Authentication and activation of a switchgear device - Google Patents

Authentication and activation of a switchgear device Download PDF

Info

Publication number
GB2472814A
GB2472814A GB0914491A GB0914491A GB2472814A GB 2472814 A GB2472814 A GB 2472814A GB 0914491 A GB0914491 A GB 0914491A GB 0914491 A GB0914491 A GB 0914491A GB 2472814 A GB2472814 A GB 2472814A
Authority
GB
United Kingdom
Prior art keywords
fixture
meta
public network
memory
authentication server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0914491A
Other versions
GB0914491D0 (en
Inventor
Sean Ganley
Carl Lewis
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
C&S Technology Ltd
Original Assignee
C&S Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by C&S Technology Ltd filed Critical C&S Technology Ltd
Priority to GB0914491A priority Critical patent/GB2472814A/en
Publication of GB0914491D0 publication Critical patent/GB0914491D0/en
Publication of GB2472814A publication Critical patent/GB2472814A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01HELECTRIC SWITCHES; RELAYS; SELECTORS; EMERGENCY PROTECTIVE DEVICES
    • H01H71/00Details of the protective switches or relays covered by groups H01H73/00 - H01H83/00
    • H01H71/74Means for adjusting the conditions under which the device will function to provide protection
    • HELECTRICITY
    • H02GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02HEMERGENCY PROTECTIVE CIRCUIT ARRANGEMENTS
    • H02H3/00Emergency protective circuit arrangements for automatic disconnection directly responsive to an undesired change from normal electric working condition with or without subsequent reconnection ; integrated protection
    • H02H3/006Calibration or setting of parameters
    • H02J13/0079
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129Authenticate client device independently of the user
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01HELECTRIC SWITCHES; RELAYS; SELECTORS; EMERGENCY PROTECTIVE DEVICES
    • H01H2300/00Orthogonal indexing scheme relating to electric switches, relays, selectors or emergency protective devices covered by H01H
    • H01H2300/03Application domotique, e.g. for house automation, bus connected switches, sensors, loads or intelligent wiring
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02BCLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO BUILDINGS, e.g. HOUSING, HOUSE APPLIANCES OR RELATED END-USER APPLICATIONS
    • Y02B90/00Enabling technologies or technologies with a potential or indirect contribution to GHG emissions mitigation
    • Y02B90/20Smart grids as enabling technology in buildings sector
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S20/00Management or operation of end-user stationary applications or the last stages of power distribution; Controlling, monitoring or operating thereof
    • Y04S20/14Protecting elements, switches, relays or circuit breakers
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/12Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment
    • Y04S40/128Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment involving the use of Internet protocol

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A switchgear device 100 comprising an indicator or processor 101 having a non-volatile memory 102 which cannot be directly accessed from outside the device is remotely activated via an external fixture 108. Identification data such as the device serial number is transacted with a remote authentication server 110 which validates the identity of the device and transmits a meta number to the device which decodes the meta-number and activates the switchgear device if it is found to be valid, possibly by comparison with a unique number stored in the device memory. Communication between the device 100 and, fixture 108 may be by a low rate asynchronous communication bus transmitting data in short packets; include decryption 103, 106 devices and communication interfaces 104,105 using a TCP/IP transmission protocol and galvanic isolation. Communication with remote server (fig 3, 110) can include encryption (fig 3, 114, 115) to encrypt the meta number before transmission and be over a public network such as the internet. A switchgear device can be activated from a dormant to a functional state at installation or at the point of purchase, allowing genuine parts to be identified from counterfeit parts.

Description

Title: Activation and anti counterfeiting function
Background to the invention
A large number of switchgear devices are copied mainly because of their relative mechanical and electronic simplicity. In the mast majority of cases the external appearance of most copies compares with a genuine product whilst their interior construction is somewhat different from the genuine design resulting usually in a much reduced performance and in some cases dangerous behaviour.
A number of solutions exist to identify counterfeit products, for example serial numbers, holograms etc, and while these do allow manufacturers to trace product and identify how counterfeit products are entering the distribution channels there is no real method to distinguish between a genuine product and a copy at the point of sale.
The purpose of this invention is to disclose a method of product activation either at the end customers installation or at the point of purchase thereby allowing end users and installers to clearly identify genuine parts from counterfeit ones. Additionally this method allows manufacturers to offer greater support to end users and installers.
Description
The route from a switchgear manufacturer to the end customer is typically via national distribution networks through wholesalers and onto installers. This channel does not have a feedback path from the installers to the manufacturers to confirm the product they are using is genuine.
Typically is the end user I installer is asked to complete a warranty card or similar registration form, this rarely happens. All that the end customer is concerned with is that the product appears to be functioning correctly.
The method described relies on switchgear devices being locally activated either at the point of use or at the point of sale. Activation can mean either the device is switched from a dormant state where non or part of the device is functioning to a condition where it is fully functional, or to a state where the device indicates that it has been validated with the manufacturer.
The method of activation uses a transaction process that transmits a secure code between the manufacturer and the device. This method consists of four parts, a serial number, a unique device number, meat number and an encryption key.
At the point of activation the device is attached to an activation fixture which reads the serial number from the device along. This number with customer information is then transmitted to an authentication server which generates the meta number using the encryption key. This number is transmitted to the device attached to the fixture.
The device then decrypts the meta number using the key embedded in the device and then either indicates the product is genuine or enables the functionality of the device if the decoded meta number is found to be a match to the unique device number.
The unique number is a randomly generated number typically 16 digits in length and is different from the serial number allocated to the device at manufacture. This device number along with the serial number and activation key are programmed into the device at manufacture in one time programmable memory. Both the encryption key and unique device number are protected from being read out of the memory and therefore not being copied.
Figure 1 illustrates the process flow during the activation sequence.
The second part decryption method uses could be a widely available variety for example AES or a proprietary version unique to a specific manufacturer.
Implementation of the one time programmable memory may be as part of the overall memory in a microprocessor or similar used to control the device or as a stand alone memory.
The first part decryption algorithm may be implemented as firmware code executed on a microprocessor based device or implemented as an integrated circuit or as a hardware description programmed in to a gate array.
The authentication server has access to the manufacturers serial number database which incorporates both the serial number of the device manufactured and the random 16 digit device number.
When the server receives the authentication request it looks up the supplied serial number in the database and then reads the device number. This device number is then used to generate the authentication code which is transmitted to the device requiring authentication. Encryption of the device number is in multiple stages the first part being to generate a meta number which represents the device number this meta number is then encoded again for transmission to the device fixture. The object of this double encoding method is to prevent the device number being transmitted directly to the device as this encoded number may be compromised. The second part of the encoding is typically used to secure data being transmitted over public networks.
The fixture may incorporate a decoding device to remove the second part encoding however the first part decoding will always be performed within the device.
The encoding a decoding algorithms of the first part may share a common mathematical function.
Description of diagrams
Error! Reference source not found. shows the authentication process flow Error! Reference source not found. shows the functional components of both the circuit breaker and the activation fixture Error! Reference source not found. shows the functional components of the authentication server.
Embodiment I Example
With reference to Error! Reference source not found., this diagram illustrated the authentication process flow between the four components involved in the authentication process.
With reference to Error! Reference source not found. and Error! Reference source not found., The preferred embodiment comprises a device 100 a fixture 108 and an authentication server 110.
The device requiring authentication 100 must at least have and indicator or processing means 101 a non volatile read only memory 102 in which parts of the memory cannot be directly accessed from outside the device 100, a first part decryption function 103 which can be implemented as an integrated circuit and a communications interface 104.
The Fixture 108 comprises at least communications interface 105 for connecting to the device requiring authentication, a second part decryption function 106 and a public network interface 107.
The authentication server 110 comprises at least a public network interface 111 a request manager 112, database 113 containing serial numbers and related device numbers first part encryption process 115 and second part encryption process 114.
The communications link between the device 100 and the fixture 108 is typically a low data rate asynchronous communications bus which transmits data in short packets and command messages between the fixture and the device. This protocol operating on this bus could be SPI, llC, lrDA or some other specific protocol. The bus would typically be galvanically isolated and the physical interface between the device and the fixture 108 could be via an optical coupling means.
The data link between the public network interfaces 107 and 111 would typically be an internet interface connected using Ethernet and TCP/IP as the transmission protocol.
Figure 1 described the flow for the authentication process. Once the device 100 is attached to the fixture 108 the activation sequence can be started by either the device itself 100 or the fixture 108. The serial number stored in the device memory 102 is transmitted via the communications interface 104 to the fixture 108 The fixture then packs the serial number with customer related data and sent to the authentication server 110.
The authentication server receives the data and looks up the device in the database using the serial number as a reference key. Each device record contains the unique device number, this is then encrypted to generate the meta number which in turn is encrypted again for transmission via a public network In the fixture the encrypted authorization code is received via the public network interface 107 and the 2nd part decryption takes place to leave the 1st part encrypted data. The 2nd part decryption process is implemented either as a software algorithm or as an integrated circuit within the fixture 108.
The first part encrypted authorization code is transmitted to the device via the communications interface 105. The device 100 receives the first part encrypted meta number and decrypts this to reveal the meta number this first part decryption process is implemented either as a software algorithm or as an integrated circuit within the device 100.
The decoded device number is validated against the device number using a suitable comparison process. Up on validation the indicator or CPU 101 either indicated that the device has been validated or activates the some or all of the functions of device 100.

Claims (11)

  1. Claims 1. A method of device activation incorporating a switchgear device 100 having an indicator or processing means 101 a non volatile read only memory 102 in which parts of the memory cannot be directly accessed from outside the device 100 incorporating a method of remote activation when used in conjunction with an external fixture 108 to enable said device 100 identification data to be transacted between the said device 100 and a remote authentication server 110 which validates the identity of the said device 100 and transmits a meta number to the device 100 which in turn decodes said meta number and activates the said device 100 if found to be valid.
  2. 2. A device according to claim 1 incorporating a first part decryption function 103.
  3. 3. A device according to claim 2 which may be implemented as an integrated circuit.
  4. 4. A device according to claim 1 incorporating communications interface 104.
  5. 5. A Fixture according to claim 1 comprises a communications interface 105, a second part decryption function 106 and a public network interface 107.
  6. 6. An Authentication server according to claim 1 comprises a public network interface 111 a request manager 112, database 113, first part encryption process 115 and second part encryption process 114.
  7. 7. A communications interface according to claim 4 characterized by a low data rate asynchronous communications bus which transmits data in short packets and command messages between the fixture 108 and the device 100.
  8. 8. A communications interface according to claim 4 further characterized by a galvanically isolated physical interlace between the device 100 and the fixture 108.
  9. 9. A public network interface according to claim 4 using TCP/IP as the transmission protocol.
  10. 10. An Authentication server according to claim 6 characterized by a method using the device 100 serial number as a reference key to look up the device record containing the unique device number which is then encrypted to generate the meta number which in turn is encrypted again for transmission via the public network interface
  11. 11. A device according to claim 1 characterized by a comparison algorithm that compares the unique number stored within the device's memory and the received decoded meta number number.
GB0914491A 2009-08-19 2009-08-19 Authentication and activation of a switchgear device Withdrawn GB2472814A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0914491A GB2472814A (en) 2009-08-19 2009-08-19 Authentication and activation of a switchgear device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0914491A GB2472814A (en) 2009-08-19 2009-08-19 Authentication and activation of a switchgear device

Publications (2)

Publication Number Publication Date
GB0914491D0 GB0914491D0 (en) 2009-09-30
GB2472814A true GB2472814A (en) 2011-02-23

Family

ID=41171608

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0914491A Withdrawn GB2472814A (en) 2009-08-19 2009-08-19 Authentication and activation of a switchgear device

Country Status (1)

Country Link
GB (1) GB2472814A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102332750A (en) * 2011-05-31 2012-01-25 镇江泰丰电工设备制造有限公司 Intelligent high-voltage switch cabinet
CN105576605A (en) * 2016-03-08 2016-05-11 杭州青橄榄网络技术有限公司 Dormitory high-power equipment management method and controller

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030151491A1 (en) * 2000-04-19 2003-08-14 Fabrice Martin Method and device for monitoring enablement of an electrical apparatus connected to a power grid
WO2008095894A1 (en) * 2007-02-05 2008-08-14 Siemens Aktiengesellschaft Energy distribution device, particularly low-voltage energy distribution device, and method for authenticating an energy distribution device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030151491A1 (en) * 2000-04-19 2003-08-14 Fabrice Martin Method and device for monitoring enablement of an electrical apparatus connected to a power grid
WO2008095894A1 (en) * 2007-02-05 2008-08-14 Siemens Aktiengesellschaft Energy distribution device, particularly low-voltage energy distribution device, and method for authenticating an energy distribution device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102332750A (en) * 2011-05-31 2012-01-25 镇江泰丰电工设备制造有限公司 Intelligent high-voltage switch cabinet
CN105576605A (en) * 2016-03-08 2016-05-11 杭州青橄榄网络技术有限公司 Dormitory high-power equipment management method and controller

Also Published As

Publication number Publication date
GB0914491D0 (en) 2009-09-30

Similar Documents

Publication Publication Date Title
US20160277933A1 (en) Secure Data Communication system between IoT smart devices and a Network gateway under Internet of Thing environment
RU2321179C2 (en) Method for protected transmission of data between two devices
JP4954628B2 (en) Authentication device, authenticator and authentication method using true random number generator or pseudorandom number generator
US7879111B2 (en) System and method for RFID transfer of MAC, keys
EP0912919B1 (en) Immobilisation protection system for electronic components and method therefor
US20120078798A1 (en) Systems and methods for transmitting financial account information
JP2009524165A (en) Network security system and method
JP2005518041A (en) Methods and configurations for protecting software
US20150222426A1 (en) Method and System for Transferring Firmware or Software to a Plurality of Devices
CN1913427A (en) System and method for encrypted smart card PIN entry
WO2003021406A2 (en) Data storage device security method and apparatus
WO2003015340A1 (en) A method for processing information in an electronic device, a system, an electronic device and a processing block
KR20170093847A (en) Device keys protection
KR20100071209A (en) Verification of device using device tag
CN112187714A (en) Device control method, device and computer readable medium
WO2008021581A2 (en) Secure electronic transaction system
US20150334095A1 (en) System and method for securing data exchanges, portable user object and remote device for downloading data
FR2808149A1 (en) Monitoring activation of electrical device connected to power grid, uses comparison of enabling code sent from monitoring station with code held in device
US9536116B2 (en) Active component embedded in cable
US20080307499A1 (en) Upgradable Security Module
US20070143607A1 (en) Electronic device enabling hardware and methods
US7233920B1 (en) System and apparatus for credit transaction data transmission
GB2472814A (en) Authentication and activation of a switchgear device
CN104350756A (en) Security device for pay-tv receiver decoder
JPH1020778A (en) Encoding device, decoding device and ic card

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)